author | Darren Tucker <dtucker@zip.com.au> | 2013-05-16 20:29:28 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2013-05-16 20:29:28 +1000 |
commit | 5f96f3b4bee11ae2b9b32ff9b881c3693e210f96 (patch) | |
tree | 1e1c647e73e447b06b194b38b5d39e95aec8bef9 /sshd_config.5 | |
parent | c53c2af173cf67fd1c26f98e7900299b1b65b6ec (diff) |
- dtucker@cvs.openbsd.org 2013/05/16 04:09:14
[sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config
sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
rekeying based on traffic volume or time. ok djm@, help & ok jmc@ for the man
page.
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 590fb4088..9e0b3a5c0 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.158 2013/04/19 01:00:10 djm Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.159 2013/05/16 04:09:14 dtucker Exp $ |
37 | .Dd $Mdocdate: April 19 2013 $ | 37 | .Dd $Mdocdate: May 16 2013 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -814,6 +814,7 @@ Available keywords are | |||
814 | .Cm PermitRootLogin , | 814 | .Cm PermitRootLogin , |
815 | .Cm PermitTunnel , | 815 | .Cm PermitTunnel , |
816 | .Cm PubkeyAuthentication , | 816 | .Cm PubkeyAuthentication , |
817 | .Cm RekeyLimit , | ||
817 | .Cm RhostsRSAAuthentication , | 818 | .Cm RhostsRSAAuthentication , |
818 | .Cm RSAAuthentication , | 819 | .Cm RSAAuthentication , |
819 | .Cm X11DisplayOffset , | 820 | .Cm X11DisplayOffset , |
@@ -1008,6 +1009,33 @@ Specifies whether public key authentication is allowed. | |||
1008 | The default is | 1009 | The default is |
1009 | .Dq yes . | 1010 | .Dq yes . |
1010 | Note that this option applies to protocol version 2 only. | 1011 | Note that this option applies to protocol version 2 only. |
1012 | .It Cm RekeyLimit | ||
1013 | Specifies the maximum amount of data that may be transmitted before the | ||
1014 | session key is renegotiated, optionally followed a maximum amount of | ||
1015 | time that may pass before the session key is renegotiated. | ||
1016 | The first argument is specified in bytes and may have a suffix of | ||
1017 | .Sq K , | ||
1018 | .Sq M , | ||
1019 | or | ||
1020 | .Sq G | ||
1021 | to indicate Kilobytes, Megabytes, or Gigabytes, respectively. | ||
1022 | The default is between | ||
1023 | .Sq 1G | ||
1024 | and | ||
1025 | .Sq 4G , | ||
1026 | depending on the cipher. | ||
1027 | The optional second value is specified in seconds and may use any of the | ||
1028 | units documented in the | ||
1029 | .Sx TIME FORMATS | ||
1030 | section of | ||
1031 | .Xr sshd_config 5 . | ||
1032 | The default value for | ||
1033 | .Cm RekeyLimit | ||
1034 | is | ||
1035 | .Dq default none , | ||
1036 | which means that rekeying is performed after the cipher's default amount | ||
1037 | of data has been sent or received and no time based rekeying is done. | ||
1038 | This option applies to protocol version 2 only. | ||
1011 | .It Cm RevokedKeys | 1039 | .It Cm RevokedKeys |
1012 | Specifies revoked public keys. | 1040 | Specifies revoked public keys. |
1013 | Keys listed in this file will be refused for public key authentication. | 1041 | Keys listed in this file will be refused for public key authentication. |